2019 National Cyber Summit

Summit Speaker Rob Wood

Session Information

Building Secure Devices in Untrusted Factories
Wednesday, June 06, 2018 01:30PM - 02:15PM
Today the production of hardware devices involves multiple suppliers at various stages of the production and support life-cycle. With very few exceptions, no electronics manufacturer actually designs and manufactures every single component of a device in their own factory. These hardware and manufacturing supply chains introduce considerable risk that threat actors could gain an opportunity to defraud, steal, counterfeit, or otherwise undermine the security of the produced electronic devices.

Some things that we will discuss in detail:

Why you should not trust your factories. We will explore the various attack patterns seen in real-world manufacturing environments.
How you can build a secure product that your customers can trust even when using untrusted factories and repair center partners.

We will talk about actual solutions that have been implemented to great effect.
South Hall - Meeting Room 2
Mr. Rob Wood photo
Mr. Rob Wood
Practice Director, Hardware and Embedded Security Services
NCC Group
Rob Wood is the Practice Director for the Hardware and Embedded Security Services practice at NCC Group. His career in embedded devices spans 16 years, having worked at both BlackBerry and Motorola Mobility in roles focused on embedded software development, product firmware and hardware security, and supply chain security. Rob is an experienced firmware developer with extensive security architecture experience. His specialty is in designing, building, and reviewing products to push the security boundaries deeper into the firmware, hardware, and supply chain. He is most comfortable working with the software layers deep in the bowels of the system, well below userland, where the lines between hardware and software begin to blur. This includes things like the bootloaders, kernel, device drivers, firmware, baseband, trusted execution environments, debug and development tools, factory and repair tools, and all the processes that surround them.

​Rob has built and managed three hardware security labs with varying budgets and levels of capabilities. These labs produced a number of projects including leading-edge security research, product security assessments, and security incident response. Capabilities have included circuit and component level testing and assessments, silicon device failure analysis (with outside help), factory and repair process/tool/system security and incident response.